Results 1 to 5 of 5
  1. #1
    Newbie
    Join Date
    Dec 2019
    Posts
    2

    Question OpenVPN cannot access routers behind Untangle router.

    Any help would much appreciated. I have used Untangle for years. But Open VPN is fairly new to me.

    Goal
    Access entire network via VPN Client


    Problem:
    While I can successfully connect with a VPN Client remotely to Untangle and even ping the Untangle appliance. I cannot access the rest of my network behind the untangle router. This consists of two additional routers on separate subnets.

    VPN Details
    VPN Server NAT’d
    VPN Client Exported Networks are 192.168.3.0/24 and 192.168.4.0/24

    Test Results
    I can successfully ping Untangle(192.168.1.1) from each internal subnet of 192.168.3.0 and 192.168.4.0. Using CMD from local PC on either subnet.

    I cannot successfully ping each subnet of 192.168.3.0 and 192.168.4.0 from Untangle (19.168.1.1.) using the Troubleshooting Ping Test.

    I do have full internet connectivity on the network.

    • I haven’t port forwarded anything yet
    • I haven’t Added Static Routes
    • I haven’t Changed NAT settings (Both Eth0 and Eth1) are NAT'd.
    • Both routers are still default NAT'd
    • I haven’t adjusted Access Rules
    • No address pools have been added to Untangle or either router


    8E2D54CB-8C44-415B-BDAE-E7DCAD061981.png
    Last edited by Preston_hadley; 02-13-2020 at 01:16 PM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,363

    Default

    This is the first problem to solve

    "I cannot successfully ping each subnet of 192.168.3.0 and 192.168.4.0 from Untangle (19.168.1.1.) using the Troubleshooting Ping Test."

    My guess is the the other routers on you network are using NAT or filtering and are blocking pings from 192.168.1.x network.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,001

    Default

    *Sniff* *Sniff*

    I smell... the stench of double NAT!

    The router indicated in the middle of your diagram that houses the 192.168.4.0/24 network, is probably performing NAT. You need to disable it. Once you do so, Internet traffic through that device is going to fail. To restore it, you need a static route on Untangle targeting 192.168.4.0/24 and aiming it at 192.168.1.4.

    After you do that, if Untangle can't ping anything on the .4 network, it's probably local firewalls.

    The same thing holds true for the .3 network.

    Now, you can make your life a ton easier by just ditching those routers entirely, turning them into WAPs, and using a dedicated interface on Untangle for each one.
    Last edited by sky-knight; 02-13-2020 at 03:04 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Dec 2019
    Posts
    2

    Default

    This sounds about correct.
    I setup the static route in Untangle and I am about to Turn off NAT on the Business Router. However, the only other option is Dynamic Routing (RIP).

    Also Would I need to create a route on this router as well? Or only on Untangle?

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,001

    Default

    The routers behind Untangle should have their default gateway set to Untangle, that is the route for them.

    They might need routes for the networks beyond themselves if you want them to communicate directly, but Untangle can bridge that gap too while giving you control so I wouldn't do that for myself.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2